
FIPS Operational Environment

1,581 bytes added, 22:38, 27 September 2006
Auditable Events
* modifications, accesses, deletions, and additions of cryptographic data (e.g., cryptographic keys and audit data) and CSPs (e.g., secret and private cryptographic keys, and authentication data such as passwords and PINs): audit data and authentication data are handled below. Here we only handle cryptographic keys.
** Object management functions, where the object is a cryptographic key (object class <code>CKO_PUBLIC_KEY</code>, <code>CKO_PRIVATE_KEY</code>, and <code>CKO_SECRET_KEY</code>)
*** <code>[http://developer.mozilla.org/en/docs/FC_CreateObject FC_CreateObject]</code>: addition of cryptographic keys
**** "C_CreateObject(hSession=''<session handle>'', pTemplate=''<template pointer>'', ulCount=''<count>'', phObject=''<object handle pointer>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_CopyObject FC_CopyObject]</code>: access and addition of cryptographic keys
**** "C_CopyObject(hSession=''<session handle>'', hObject=''<object handle>'', pTemplate=''<template pointer>'', ulCount=''<count>'', phNewObject=''<object handle pointer>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_DestroyObject FC_DestroyObject]</code>: deletion of cryptographic keys
**** "C_DestroyObject(hSession=''<session handle>'', hObject=''<object handle>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_GetObjectSize FC_GetObjectSize]</code>: access of cryptographic keys
**** "C_GetObjectSize(hSession=''<session handle>'', hObject=''<object handle>'', pulSize=''<size pointer>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_GetAttributeValue FC_GetAttributeValue]</code>: access of cryptographic keys
**** "C_GetAttributeValue(hSession=''<session handle>'', hObject=''<object handle>'', pTemplate=''<template pointer>'', ulCount=''<count>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_SetAttributeValue FC_SetAttributeValue]</code>: modification of cryptographic keys
**** "C_SetAttributeValue(hSession=''<session handle>'', hObject=''<object handle>'', pTemplate=''<template pointer>'', ulCount=''<count>'')=''<return code>''"
** Key management functions
*** <code>[http://developer.mozilla.org/en/docs/FC_GenerateKey FC_GenerateKey]</code>: addition of cryptographic keys
**** "C_GenerateKey(hSession=''<session handle>'', pMechanism=''<mechanism>'', pTemplate=''<template pointer>'', ulCount=''<count>'', phKey=''<key object handle pointer>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_GenerateKeyPair FC_GenerateKeyPair]</code>: addition of cryptographic keys
**** "C_GenerateKeyPair(hSession=''<session handle>'', pMechanism=''<mechanism>'', pPublicKeyTemplate=''<template pointer>'', ulPublicKeyAttributeCount=''<count>'', pPrivateKeyTemplate=''<template pointer>'', ulPrivateKeyAttributeCount=''<count>'', phPublicKey=''<key object handle pointer>'', phPrivateKey=''<key object handle pointer>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_WrapKey FC_WrapKey]</code>: access of cryptographic keys
**** "C_WrapKey(hSession=''<session handle>'', pMechanism=''<mechanism>'', hWrappingKey=''<key object handle>'', hKey=''<key object handle>'', pWrappedKey=''<buffer that receives the wrapped key>'', pulWrappedKeyLen=''<pointer to length>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_UnwrapKey FC_UnwrapKey]</code>: access and addition of cryptographic keys
**** "C_UnwrapKey(hSession=''<session handle>'', pMechanism=''<mechanism>'', hUnwrappingKey=''<key object handle>'', pWrappedKey=''<pointer to bytes>'', ulWrappedKeyLen=''<length>'', pTemplate=''<template pointer>'', ulAttributeCount=''<count>'', phKey=''<key object handle pointer>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_DeriveKey FC_DeriveKey]</code>: access and addition of cryptographic keys
**** "C_DeriveKey(hSession=''<session handle>'', pMechanism=''<mechanism>'', hBaseKey=''<key object handle>'', pTemplate=''<template pointer>'', ulAttributeCount=''<count>'', phKey=''<key object handle pointer>'')=''<return code>''"
** Cipher "Init" functions
*** <code>[http://developer.mozilla.org/en/docs/FC_EncryptInit FC_EncryptInit]</code>: access of cryptographic keys
**** "C_EncryptInit(hSession=''<session handle>'', pMechanism=''<mechanism>'', hKey=''<key object handle>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_DecryptInit FC_DecryptInit]</code>: access of cryptographic keys
**** "C_DecryptInit(hSession=''<session handle>'', pMechanism=''<mechanism>'', hKey=''<key object handle>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_SignInit FC_SignInit]</code>: access of cryptographic keys
**** "C_SignInit(hSession=''<session handle>'', pMechanism=''<mechanism>'', hKey=''<key object handle>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_SignRecoverInit FC_SignRecoverInit]</code>: access of cryptographic keys
**** "C_SignRecoverInit(hSession=''<session handle>'', pMechanism=''<mechanism>'', hKey=''<key object handle>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_VerifyInit FC_VerifyInit]</code>: access of cryptographic keys
**** "C_VerifyInit(hSession=''<session handle>'', pMechanism=''<mechanism>'', hKey=''<key object handle>'')=''<return code>''"
*** <code>[http://developer.mozilla.org/en/docs/FC_VerifyRecoverInit FC_VerifyRecoverInit]</code>: access of cryptographic keys
**** "C_VerifyRecoverInit(hSession=''<session handle>'', pMechanism=''<mechanism>'', hKey=''<key object handle>'')=''<return code>''"
** Miscellaneous
*** <code>[http://developer.mozilla.org/en/docs/FC_DigestKey FC_DigestKey]</code>: access of cryptographic keys
**** "C_DigestKey(hSession=''<session handle>'', hKey=''<key object handle>'')=''<return code>''"
* attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
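
The following is an added example, not code from NSS or from this page: a parser that maps each audit message in the format listed above to the key events it records and picks out the calls that failed. It assumes one message per log line and a numeric rendering of the return code (the page does not specify one); the sample lines and helper names are constructed.

```python
import re

# Event kinds per audited function, taken from the list above.
KEY_EVENTS = {
    "C_CreateObject": {"addition"},
    "C_CopyObject": {"access", "addition"},
    "C_DestroyObject": {"deletion"},
    "C_GetObjectSize": {"access"},
    "C_GetAttributeValue": {"access"},
    "C_SetAttributeValue": {"modification"},
    "C_GenerateKey": {"addition"},
    "C_GenerateKeyPair": {"addition"},
    "C_WrapKey": {"access"},
    "C_UnwrapKey": {"access", "addition"},
    "C_DeriveKey": {"access", "addition"},
    "C_DigestKey": {"access"},
}
for _op in ("Encrypt", "Decrypt", "Sign", "SignRecover", "Verify", "VerifyRecover"):
    KEY_EVENTS[f"C_{_op}Init"] = {"access"}

MESSAGE = re.compile(r"(C_\w+)\((.*)\)=(\S+)\s*$")
CKR_OK = 0  # PKCS #11 success return code

def parse_audit_message(line):
    """Return a dict for one key-related audit message, else None."""
    m = MESSAGE.search(line)
    if m is None or m.group(1) not in KEY_EVENTS:
        return None
    func, arg_text, rc_text = m.groups()
    args = dict(a.split("=", 1) for a in arg_text.split(", ") if "=" in a)
    try:
        rc = int(rc_text, 0)   # assumed numeric rendering, e.g. 0x00000000
    except ValueError:
        rc = None              # unknown rendering: treated as not successful
    return {"function": func, "events": KEY_EVENTS[func], "args": args,
            "return_code": rc_text, "succeeded": rc == CKR_OK}

def failed_key_events(lines):
    """Yield parsed messages whose return code is not CKR_OK."""
    for line in lines:
        event = parse_audit_message(line)
        if event and not event["succeeded"]:
            yield event

# Constructed sample lines; handles and return codes are made up.
SAMPLE = [
    "C_GenerateKey(hSession=0x1, pMechanism=0x7ffe10, pTemplate=0x7ffe40, ulCount=5, phKey=0x7ffe80)=0x00000000",
    "C_DestroyObject(hSession=0x1, hObject=0x2a)=0x00000082",
    "C_SignInit(hSession=0x1, pMechanism=0x7ffe10, hKey=0x2a)=0x00000000",
]
```
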